CVE-2025-9408

Summary

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes.

Affected Software

VendorProductVersion RangeStatus
zephyrproject-rtosZephyr* <= 4.2affected

Weaknesses

  • CWE-270: Privilege Context Switching Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References